[yocto] Issue yocto strip the kernel module signature during packaging

Mark Hatle mark.hatle at windriver.com
Thu Jun 14 13:16:53 PDT 2018 

On 6/13/18 12:10 PM, Mathieu Alexandre-Tétreault wrote:
> Hello,
> 
> I am working to activate the kernel module signature for in-tree and out-of-tree packages.
> While I was debugging the cause of the kernel complaining about unsigned modules.
> I noticed that yocto was stripping the signature information from the binary, therefore I've
> set INHIBIT_PACKAGE_STRIP = "1" for all of my out-of-tree module. Then I had to  set the flag
> for the kernel recipe to fix the issue for my in-tree kernel module.

This sounds like a bug, it should not be stripping that part of the data..  only
debug information.

> My question is:
>    - is there any issue with turning off the stripping for the linux recipe? I'd like to be sure I haven't overlooked anything about this.

The kernel and modules will become much larger.

>    - Would there be a better way to achieve this?

The code runs from meta/classes/package.bbclass, function split_and_strip_files,
near the end you will see:

    if (d.getVar('INHIBIT_PACKAGE_STRIP') != '1'):
        strip = d.getVar("STRIP")
        sfiles = []
        for file in elffiles:
            elf_file = int(elffiles[file])
            #bb.note("Strip %s" % file)
            sfiles.append((file, elf_file, strip))
        for f in kernmods:
            sfiles.append((f, 16, strip))

        oe.utils.multiprocess_exec(sfiles, oe.package.runstrip)


The last line executes oe.package.runstrip, which is defined in
meta/lib/oe/package.py.  It uses the arguments defined by:

    # kernel module
    if elftype & 16:
        stripcmd.extend(["--strip-debug", "--remove-section=.comment",
            "--remove-section=.note", "--preserve-dates"])
    # .so and shared library
    elif ".so" in file and elftype & 8:
        stripcmd.extend(["--remove-section=.comment", "--remove-section=.note",
"--strip-unneeded"])
    # shared or executable:
    elif elftype & 8 or elftype & 4:
        stripcmd.extend(["--remove-section=.comment", "--remove-section=.note"])

First verify that it's using the kernel module, as expected -- assuming it is --
you'll need to find the section that has the information you care about it in..
and figure out how to preserve it with the right arguments.

--Mark

> Cheers,
> 
> Mathieu
>

More information about the yocto mailing list